REMARKS 

I. Interview Summary 

Applicant acknowledges with appreciation the time and cooperation extended by 
the Examiner in conducting a telephonic interview with Applicant's representative on 
November 10, 2009. During the interview, the issues raised in the Final Office Action 
mailed April 13, 2009, were discussed. Although proposed claim amendments were 
discussed, an agreement with respect to the claims was not reached. The substance of 
the interview is included in the remarks below. 

II. Status of the Claims 

The Office Action mailed November 18, 2009, rejected claims 1-7, 10-18, 21, 22, 
and 24-45 under 35 U.S.C. § 103(a) as being unpatentable over Bosley et al. (U.S. 
Patent No. 7,054,867) in view of Zenchelsky et al. (U.S. Patent No. 6,233,686), and 
further in view of Bommareddy et al. (U.S. Patent No. 6,880,089). 

By this Amendment, Applicant amends claims 1, 3, 6, 10, 16, 27, 28, 30, 31, 38, 
and 45, and cancels claims 2, 13-15, 18, 34-36, and 41-43. Claims 1, 3-7, 10-12, 16, 
17, 21, 22, 24-33, 37-40, 44, and 45 remain pending. 

In an attempt to advance prosecution, Applicant herein amends the claims as 
proposed by the Examiner in the Interview Summary mailed on November 18, 2009. 
The Examiner has indicated that "such amendment will overcome the cited prior art and 
would result [in] an allowance." Interview Summary, p. 4. For example, Applicant 
amends claim 10 to incorporate recitations of dependent claims 14 and 15. Applicant 
also amends claim 1 to recite what was previously inherent in the original claim words, 
"that the second processing unit [is] different than the first processing unit." The 
Examiner's proposed amendment to "clarify that multidimensional address space is 
determined based on hash function and division modulo" has not been made at least 
because the recitation of a "multidimensional address space" is not found in the present 
claims. 

III. Rejection of claims 1-7, 10-18, 21, 22, and 24-45 under 35 U.S.C. § 103(a) 

Applicant respectfully traverses the rejection of claims 1-7, 10-18, 21, 22, and 
24-45 under 35 U.S.C. § 103(a). A prima facie case of obviousness has not been 
established at least because the differences between the prior art and Applicant's 
claims are such that it would not have been obvious for one of ordinary skill in the art at 
the time of the invention to modify the prior art to arrive at Applicant's claimed invention. 

In order to establish a rejection under 35 U.S.C. § 103(a), the claimed invention 
must be considered as a whole. M.P.E.P. § 2141.02. However, in rejecting claim 10, the 
Office Action improperly dissects the claim recitations into disjointed and incoherent 
pieces. Office Action, pp. 3-5. 

As a whole, the claimed invention as recited, for example, in amended claim 10, 
is directed to a method for addressing packets associated with a plurality of processing 
units, each processing unit being associated with one of a plurality of firewall nodes in a 
firewall cluster within a single network. As discussed in the Reply to Office Action filed 
on September 11, 2009, one function of a firewall node is to direct traffic (e.g., data 
packets) from a first network to a second network. In the process of directing traffic, a 
first firewall node may translate or modify the source address and source 
port of an incoming packet to the source address of the firewall cluster and source port 
of the first firewall node. Specification, ¶ 035. In some instances, the modified address 
created by the first firewall node may conflict with a modified address created by a 
second firewall node. Id. The claimed invention as recited in claim 10 prevents address 
conflicts by, among other things: 

determining, by the first processing unit, whether the 
N-tuple address of the received packet is within an N-tuple 
space assigned to the first processing unit based on a 
quadrant identifier value assigned to the first processing unit, 
wherein the N-tuple space assigned to each of the plurality 
of processing units is different, and wherein the quadrant 
identifier is determined using a hash function; 

sending the packet with the N-tuple address, when it 
is determined that the N-tuple address is within the N-tuple 
space assigned to the first processing unit; 

determining, when the N-tuple address of the 
received packet is not within the N-tuple space assigned to 
the first processing unit, a modified N-tuple address based 
on the N-tuple space assigned to the first processing unit, 
such that the modified N-tuple address does not conflict with 
addresses assigned by any of the other plurality of 
processing units; and 

sending the packet based on the modified N-tuple 
address. 

At a minimum, Bosley et al. fails to teach or suggest the above claim recitations. 

On the contrary, Bosley et al. discloses a distributed routing and indexing 
framework for a network. Bosley et al., 1:14-16 and 4:15-17. As disclosed by Bosley et 
al., individual servers or computers (i.e., nodes) within the network are assigned a 
unique node ID that describes the location of a node. Id. at 6:31-34 and 6:45-48. To 
have the network be collision resistant, Bosley et al. discloses that the unique node IDs 
are generated using a 160-bit hash key. Id. at 6:31-44. According to Bosley et al., a 
160-bit hash value "represents a binary number large enough to represent over a trillion 
trillion trillion possible values." Id. at 7:31-33. For this reason, "only a very small 
percent of the possible values that can be defined by such a large binary value will 
actually have a node associated with them." Id. at 7:34-39. 

As is evident from the above, Bosley et al. discloses the use of an extremely 
large address space to prevent collision in a routing and indexing network. Accordingly, 
Bosley et al. does not teach or suggest "determining, by the first processing unit, 
whether the N-tuple address of the received packet is within an N-tuple space assigned 
to the first processing unit based on a quadrant identifier value assigned to the first 
processing unit, wherein the N-tuple space assigned to each of the plurality of 
processing units is different, and wherein the quadrant identifier is determined using a 
hash function," "sending the packet with the N-tuple address, when it is determined that 
the N-tuple address is within the N-tuple space assigned to the first processing unit," 
"determining, when the N-tuple address of the received packet is not within the N-tuple 
space assigned to the first processing unit, a modified N-tuple address based on the N- 
tuple space assigned to the first processing unit, such that the modified N-tuple address 
does not conflict with addresses assigned by any of the other plurality of processing 
units," and "sending the packet based on the modified N-tuple address," as recited in 
amended claim 10. 

Zenchelsky et al. and Bommareddy et al. fail to cure the above deficiencies of 
Bosley et al. For example, Zenchelsky et al. discloses a method for restricting, using a 
firewall or filter, a system's access to a network by using access rules for the system. 
Zenchelsky et al., 5:17-25. As disclosed by Zenchelsky et al., the local rules may be 
stored on the filter and associated with the corresponding system by executing a hash 
function on the network address of the system. Id. at 7:24-34. Zenchelsky et al. further 
discloses that the result of the executed hash function is used to index the system with 
its local rules. Id. at 7:35-42. Nowhere does Zenchelsky et al. teach or suggest 
"determining, by the first processing unit, whether the N-tuple address of the received 
packet is within an N-tuple space assigned to the first processing unit based on a 
quadrant identifier value assigned to the first processing unit, wherein the N-tuple space 
assigned to each of the plurality of processing units is different, and wherein the 
quadrant identifier is determined using a hash function," "sending the packet with the N- 
tuple address, when it is determined that the N-tuple address is within the N-tuple space 
assigned to the first processing unit," "determining, when the N-tuple address of the 
received packet is not within the N-tuple space assigned to the first processing unit, a 
modified N-tuple address based on the N-tuple space assigned to the first processing 
unit, such that the modified N-tuple address does not conflict with addresses assigned 
by any of the other plurality of processing units," and "sending the packet based on the 
modified N-tuple address," as recited in amended claim 10. 

Bommareddy et al. discloses the use of "firewalls [to] perform filtering operations 
and/or network address translation (NAT) services." Bommareddy et al., 6:57-60. 
However, as disclosed by Bommareddy et al., NAT is simply used "to modify each 
packet, changing the destination address from its IP address to the actual address of 
the server that is to receive the traffic" and "to modify the 'From' address in each packet 
to create the appearance that the PC load balancer sent the packets." Id. at 2:38-44. 
Bommareddy et al. does not disclose the claimed method of preventing address 
conflicts. Specifically, Bommareddy et al. does not teach or suggest "determining, by 
the first processing unit, whether the N-tuple address of the received packet is within an 
N-tuple space assigned to the first processing unit based on a quadrant identifier value 
assigned to the first processing unit, wherein the N-tuple space assigned to each of the 
plurality of processing units is different, and wherein the quadrant identifier is 
determined using a hash function," "sending the packet with the N-tuple address, when 
it is determined that the N-tuple address is within the N-tuple space assigned to the first 
processing unit," "determining, when the N-tuple address of the received packet is not 
within the N-tuple space assigned to the first processing unit, a modified N-tuple 
address based on the N-tuple space assigned to the first processing unit, such that the 
modified N-tuple address does not conflict with addresses assigned by any of the other 
plurality of processing units," and "sending the packet based on the modified N-tuple 
address," as recited in amended claim 10. 

Amended independent claim 1 recites a method for addressing packets in a 
firewall cluster within a single network to prevent conflicts by, among other things: 

modifying, by the first processing unit, as a function of 
a n-tuple space for representing addresses processed by a 
set of processing units, a first address for the first packet into 
a second address for the first packet, the second address 
being within a range of addresses assigned only to the first 
firewall node; 

selecting, from the firewall cluster within the single 
network, a second firewall node for processing a second 
packet; 

receiving, at a second processing unit associated with 
the second firewall node, the second packet, the second 
processing unit being different than the first processing unit; 

modifying, by the second processing unit, as a 
function of a n-tuple space for representing addresses 
processed by a set of processing units, a first address for the 
second packet into a second address for the second packet, 
the second address being within a range of addresses 
assigned only to the second firewall node, such that the 
second address of the second packet does not conflict with 
the second address of the first packet. 

Bosley et al., Zenchelsky et al., and Bommareddy et al., taken alone or in any proper 
combination, fail to teach or suggest the above claim recitations, nor does the Office 
Action attempt to rely on Bosley et al., Zenchelsky et al., and Bommareddy et al. for 
such a teaching. 

Independent claim 24 recites a method for addressing packets in a firewall 
cluster within a single network to prevent conflicts by, among other things: 

determining a quadrant identifier based on the read 
N-tuple address, a hash function, and modulo division; 

determining whether the read N-tuple address 
corresponds to the first processing unit based on the 
quadrant identifier; 

sending the packet with the N-tuple address, when 
the quadrant identifier corresponds to the first processing 
unit; and 

determining, when the quadrant identifier does not 
correspond to the first processing unit, a modified N-tuple 
address that corresponds to the first processing unit, such 
that the modified N-tuple address does not conflict with 
addresses assigned by any of the other processing units; 
and 

sending the packet based on the modified N-tuple 
address. 

Bosley et al., Zenchelsky et al., and Bommareddy et al., taken alone or in any proper 
combination, fail to teach or suggest the above claim recitations, nor does the Office 
Action attempt to rely on Bosley et al., Zenchelsky et al., and Bommareddy et al. for 
such a teaching. 
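
The address-assignment steps recited in claim 24 can be sketched in code as follows. This is an added illustration, not part of the filing or of the specification, and it is not a statement of claim scope; the `NTuple` fields, the use of SHA-256 as the hash function, the port range searched, the per-node `in_use` set, and applying the quadrant test after the source address is rewritten to the cluster address are all assumptions.

```python
# Added illustration; names, hash choice and port range are assumptions.
import hashlib
from typing import NamedTuple, Set

class NTuple(NamedTuple):
    proto: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def quadrant_id(t: NTuple, num_nodes: int) -> int:
    """Quadrant identifier: hash of the N-tuple, then modulo division."""
    key = "|".join(str(field) for field in t).encode()
    digest = hashlib.sha256(key).digest()  # assumed hash; the page names none
    return int.from_bytes(digest[:8], "big") % num_nodes

def translate(pkt: NTuple, node_id: int, num_nodes: int,
              cluster_ip: str, in_use: Set[NTuple]) -> NTuple:
    """Source NAT on one node; the result always hashes to node_id's quadrant."""
    # Assumption: the quadrant test is applied after the source address has
    # been rewritten to the shared cluster address.
    candidate = pkt._replace(src_ip=cluster_ip)
    if quadrant_id(candidate, num_nodes) == node_id and candidate not in in_use:
        in_use.add(candidate)  # already in this node's space: send as is
        return candidate
    # Otherwise pick a source port that moves the tuple into this node's space.
    for port in range(1024, 65536):
        candidate = pkt._replace(src_ip=cluster_ip, src_port=port)
        if quadrant_id(candidate, num_nodes) == node_id and candidate not in in_use:
            in_use.add(candidate)
            return candidate
    raise RuntimeError("no free source port left in this node's N-tuple space")

def demo(num_nodes: int = 4):
    """Constructed input: four internal hosts reuse source port 40000."""
    cluster_ip = "198.51.100.1"
    out = []
    for node_id in range(num_nodes):
        pkt = NTuple(6, f"10.0.0.{node_id + 5}", 40000, "203.0.113.10", 443)
        out.append(translate(pkt, node_id, num_nodes, cluster_ip, set()))
    return out

if __name__ == "__main__":
    for node_id, t in enumerate(demo()):
        print(node_id, t)
```

Without the quadrant test, all four constructed flows would leave the cluster with the same translated tuple; with it, each node's output falls in its own partition, so the nodes need no shared state to avoid the conflict.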

For at least the above reasons, the Office Action has neither properly determined 
the scope and content of the prior art nor properly ascertained the differences between 
the prior art and independent claims 1, 10, and 24. Accordingly, the Office Action has 
not clearly articulated a reason as to why amended independent claims 1, 10, and 24 
would have been obvious to one of ordinary skill in view of the prior art. Therefore, a 
prima facie case of obviousness has not been established for independent claims 1, 10, 
and 24. Applicant thereby respectfully requests that the rejection of claims 1, 10, and 
24 be withdrawn and the claims allowed. 

Independent claims 27-31, 37, 38, 44, and 45, while of different scope than 
independent claims 1, 10, and 24, distinguish over Bosley et al., Zenchelsky et al., and 
Bommareddy et al. for at least similar reasons as those noted above for claims 1, 10, 
and 24. Accordingly, Applicant also respectfully requests the withdrawal of the rejection 
of independent claims 27-31, 37, 38, 44, and 45 under 35 U.S.C. § 103(a) and the 
timely allowance of the claims. 

Claims 3-7, 11, 12, 16, 17, 21, 22, 25, 26, 32, 33, 39, and 40 depend from 
independent claims 1, 10, 24, 31, and 38 and therefore patentably distinguish from 
Bosley et al., Zenchelsky et al. and Bommareddy et al. for at least the reasons 
discussed above. Accordingly, Applicant also respectfully requests withdrawal of the 
rejection of dependent claims 3-7, 11, 12, 16, 17, 21, 22, 25, 26, 32, 33, 39, and 40 
under 35 U.S.C. § 103(a) and the timely allowance of the claims. 

The preceding remarks are based on the arguments presented in the Office 
Action, and therefore do not address patentable aspects of the invention that were not 
addressed in the Office Action. The pending claims may include other elements that 
are not shown, taught, or suggested by the cited art. Accordingly, the preceding 
remarks in favor of patentability are advanced without prejudice to other bases of 
patentability. Furthermore, the Office Action contains a number of statements reflecting 
characterizations of the related art and the claims. Regardless of whether any such 
statement is identified herein, Applicant declines to automatically subscribe to any 
statement or characterization in the Office Action. 

Please grant any extensions of time required to enter this response and charge 
any additional required fees to Deposit Account 06-0916. 



Respectfully submitted, 

FINNEGAN, HENDERSON, FARABOW, 
GARRETT & DUNNER, L.L.P. 

Dated: January 19, 2010 

Arthur A. Smith 
Reg. No. 56,877 
Telephone: 202.408.4000 